CN108199869A - For the wireless MAN and its safety management system of education sector - Google Patents


Publication number
CN108199869A
Authority
CN
China
Prior art keywords
wireless
module
user
account
management system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711426252.0A
Other languages
Chinese (zh)
Inventor
周康勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Dgm Information Technology Co Ltd
Original Assignee
Zhejiang Dgm Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Zhejiang Dgm Information Technology Co Ltd filed Critical Zhejiang Dgm Information Technology Co Ltd
Priority to CN201711426252.0A priority Critical patent/CN108199869A/en
Publication of CN108199869A publication Critical patent/CN108199869A/en
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/084 Configuration by using pre-existing information, e.g. using templates or copying from other elements
    • H04L41/0843 Configuration by using pre-existing information, e.g. using templates or copying from other elements based on generic templates
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0886 Fully automatic configuration
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2852 Metropolitan area networks
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels

Abstract

The present invention relates to the technical field of wireless MANs, and more particularly to a wireless MAN for the education sector and its security management system. The wireless MAN consists of an H3C 7506E wireless core switch fitted with two wireless controller AC boards; the wireless controller AC adds licenses for 256 wireless APs. The security management system comprises an identity authentication module, a behavior management module, a bastion host module, a log recording module and an online monitoring module. The behavior management module controls and manages Internet users' use of the Internet, including web access filtering, network application control, bandwidth and traffic management, auditing of sent and received information, and user behavior analysis; transparent deployment in the network is recommended. The bastion host module applies 4A internal control and management to internal administrators and third-party maintenance personnel.

Description

Wireless MAN for the education sector and its security management system
Technical field
The present invention relates to the technical field of wireless MANs, and more particularly to a wireless MAN for the education sector and its security management system.
Background art
A wireless metropolitan area network (WMAN) is a wireless local distribution network that carries information between distribution nodes spread geographically over a city and its suburbs. It can provide access for multiple services such as voice, data, images, multimedia and IP. Its typical coverage is 3~5 km, a point-to-point link can reach tens of kilometres, and it can provide QoS support and shared access with a certain range of mobility. Technologies such as MMDS, LMDS and WiMAX fall within the scope of MANs. At present, the technical development of enterprise-class WLAN in the industry has produced two mainstream networking approaches, FAT AP and FIT AP (the fat AP and thin AP schemes).
FAT AP is the traditional WLAN networking scheme. The AP itself takes on complex functions such as authentication termination, roaming handover and dynamic key generation; because the AP's functions are comparatively heavy, it is called a FAT AP. Huawei 3Com offers the WA1208E, four indoor and outdoor models in total, as a complete 11a/b/g AP series for FAT AP networking.
FIT AP is an emerging WLAN networking model. Compared with the FAT AP scheme, it adds a Wireless Switch as a central control and management device. The complex service functions originally carried on the FAT AP itself, such as authentication termination, roaming handover and dynamic keys, are moved to the Wireless Switch. The AP and the Wireless Switch communicate through a tunnel and can be connected across L2 or L3 networks or even a wide area network, which reduces the load on each individual AP and improves the efficiency of the whole network. Because the FIT AP scheme is centrally managed, richer service functions can easily be added by upgrading the software version of the Wireless Switch.
Huawei 3Com currently provides a FIT AP solution consisting of Wireless Switch (WX5002/WX4400/WX1200) + FIT AP (WA2110-AG/AP2750/AP3750) + professional wireless network management (Quidview/WXM) + CAMS. All APs are installed with zero configuration and, besides forwarding data, can monitor the radio-frequency environment of the whole network and detect rogue APs and unauthorized clients.
Education informatization is an important development trend, and the wireless MAN is infrastructure for educational organizations such as schools and school districts, so a wireless network has been built that basically covers the main teaching locations of all educational units in a region. At the same time, the wireless network must meet technical requirements for secure access, real-name authentication and linkage with Internet behavior management equipment, so a wireless MAN and its security management system are very necessary.
Summary of the invention
This application provides a wireless MAN for the education sector and its security management system, to solve the problem in the prior art that the networked environment of the education system is not secure enough.
To this end, the present invention provides the following technical solution: a wireless MAN for the education sector, comprising a wireless controller AC and multiple wireless APs; all the wireless APs are configured and managed uniformly by the wireless controller AC; characterized in that the wireless MAN consists of an H3C 7506E wireless core switch fitted with two wireless controller AC boards; the wireless controller AC adds licenses for 256 wireless APs.
Further, the wireless APs are powered remotely over PoE by a PoE switch, or local power supply is selected.
A security management system for the education sector, comprising an identity authentication module, a behavior management module, a bastion host module, a log recording module and an online monitoring module; the output of the identity authentication module is electrically connected to the input of the behavior management module, to the log recording module and to the bastion host module respectively;
The output of the behavior management module is electrically connected to the bastion host module and to the online monitoring module respectively;
The log recording module is electrically connected to the online monitoring module.
Further, the online monitoring module contains an online user monitoring subsystem, an online status monitoring subsystem, a firewall, an IDS, an information security audit system, a forced-offline system and an information publishing system; the online user monitoring subsystem is electrically connected to the online status monitoring subsystem, the firewall, the information security audit system and the firewall respectively; the firewall is electrically connected to the IDS; the information security audit system is electrically connected to the forced-offline system; the forced-offline system is electrically connected to the information publishing system.
Further, the workflow of the identity authentication module is:
The user opens a web address, and the authentication device automatically redirects the user to the home page on the Portal Server;
The user enters a mobile phone number on the home page and clicks the "obtain Internet account" button;
The Portal Server automatically writes the account and a random password to the database, and the back-end system automatically starts counting the account's validity period;
After the write is confirmed successful, the Portal Server calls the SMS interface to pass the Internet account and password to the SMS interface module (SMS gateway);
The user's mobile phone receives the Internet account and password sent by the SMS gateway;
The user goes online from a WLAN terminal such as a laptop or mobile phone, and the authentication device automatically redirects the user to the login page of the Portal Server;
The user enters the account and password and clicks log in;
The Portal Server checks the account and password entered by the user against the account in the database;
The Portal Server sends the verification result to the authentication device;
After successful verification, the user accesses the Internet directly;
After the validity period ends, the account is automatically taken offline.
Further, the content recorded by the log recording module includes: account name, login/access time, current number online, total usage time, target website address visited, destination IP, source IP, MAC address, GET/POST behavior, user operating system identifier, switch tag, floor tag.
Further, the online state monitored by the online status monitoring subsystem includes: online duration for the current day and month, upstream and downstream traffic for the current day and month, number of packets sent and received, number of TCP connections, source IP, source MAC.
The technical solution provided by this application has the following advantageous effects:
1. The user only needs to create a service parameter template and a device parameter template and set the designated APs to reference them; when a FIT AP starts, the wireless controller pushes configuration to it according to the pre-configured references, which greatly reduces the user's configuration workload.
2. The user's management of FIT APs is proxied by the wireless controller. The network administrator no longer needs to care about the IP addresses of the FIT APs, and the association between FIT APs and the wireless controller is completed automatically, so the user no longer has to intervene in AP configuration.
3. The FIT AP encapsulates wireless users' data packets in the data tunnel between the AP and the AC, so the edge network that the AP connects to no longer needs configuration changes such as VLANs and ACLs to admit wireless users.
4. The wireless controller stores the running status of the FIT APs it manages and the statistics of online users, so maintenance personnel only need to log in to the designated wireless controller to view this information. Because the user's management of FIT APs is proxied by the wireless controller, changing service policy and security policy settings online no longer requires logging in to each AP device one by one; the settings are made on the designated wireless controller, which automatically pushes the new configuration to the designated FIT APs.
5. The user no longer needs to upgrade AP software manually one device at a time. At each restart, the AP automatically compares its running version with the version stored on the wireless controller; if the version stored on the wireless controller is newer, the FIT AP automatically updates its local software.
6. The AP no longer stores configuration information locally, so if a device is lost there is no security risk arising from loss of its configuration.
7. The security management system provides security hardening and safeguards the online environment in education.
8. The behavior management module controls and manages Internet users' use of the Internet, including web access filtering, network application control, bandwidth and traffic management, auditing of sent and received information, and user behavior analysis. Transparent deployment in the network is recommended.
9. The bastion host module applies 4A internal control and management to internal administrators and third-party maintenance personnel.
Brief description of the drawings
To explain the technical solution of this application more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, a person of ordinary skill in the art can derive other drawings from these without creative effort.
Fig. 1 is a schematic diagram of the module structure of a security management system for the education sector provided by an embodiment of this application.
Fig. 2 is a structural diagram of the online monitoring module in a security management system for the education sector provided by an embodiment of this application.
Fig. 3 is a data flow diagram of a security management system for the education sector provided by an embodiment of this application.
Fig. 4 is a schematic flow chart of identity authentication and Internet access in a security management system for the education sector provided by an embodiment of this application.
Fig. 5 is a first schematic diagram of the data monitored by the online status monitoring subsystem of a security management system for the education sector provided by an embodiment of this application.
Fig. 6 is a second schematic diagram of the data monitored by the online status monitoring subsystem of a security management system for the education sector provided by an embodiment of this application.
Fig. 7 is a third schematic diagram of the data monitored by the online status monitoring subsystem of a security management system for the education sector provided by an embodiment of this application.
Fig. 8 is a fourth schematic diagram of the data monitored by the online status monitoring subsystem of a security management system for the education sector provided by an embodiment of this application.
Fig. 9 is a schematic diagram of the classroom installation layout of a wireless MAN for the education sector provided by an embodiment of this application.
Fig. 10 is a schematic diagram of the school corridor installation layout of a wireless MAN for the education sector provided by an embodiment of this application.
Detailed description
The accompanying drawings are incorporated into and form part of this specification, show embodiments consistent with this application, and together with the specification serve to explain the principles of this application.
To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, a person of ordinary skill in the art can derive other drawings from these without creative effort.
Embodiment one
A security management system for the education sector as shown in Fig. 1, characterized in that the security management system comprises an identity authentication module, a behavior management module, a bastion host module, a log recording module and an online monitoring module; the output of the identity authentication module is electrically connected to the input of the behavior management module, to the log recording module and to the bastion host module respectively;
The output of the behavior management module is electrically connected to the bastion host module and to the online monitoring module respectively;
The log recording module is electrically connected to the online monitoring module.
As a major improvement of the technical solution of this embodiment, the bastion host system is NSFOCUS OSMS (NH3) V5.6. It is mainly used to apply 4A internal control and management to internal administrators and third-party maintenance personnel.
As a major improvement of the technical solution of this embodiment, the behavior management module is the Sangfor Internet behavior management module AC-10000. It controls and manages Internet users' use of the Internet, including web access filtering, network application control, bandwidth and traffic management, auditing of sent and received information, and user behavior analysis. Transparent deployment in the network is recommended.
The authentication device is integrated with the Sangfor AC-10000 behavior audit device. The authentication device records the account, MAC, IP and URL used by each client and pushes the account information to the behavior audit device, which audits behavior per authenticated account. Information such as account, URL and content accessed can be queried in the behavior audit back end, which makes later investigation easier: entering an account is enough to retrieve the associated user's Internet activity.
Specifically, Fig. 3 is the data flow diagram of the security management system.
1. Wireless controller: the wireless controller and the APs are the basic components with which the wireless network forwards data. In the controller-plus-AP architecture, all intelligent processing for radio-frequency management, network security management and so on is concentrated on the controller, and the AP only sends and receives air-interface data. In operation, each controller manages a certain number of APs and establishes a secure encrypted tunnel with each of them. After user data reaches the AP over the wireless medium, the AP encapsulates it in the tunnel and sends it to the controller. The controller decapsulates the data and processes it according to the management policies set by the administrator, such as security and QoS.
2. Identity authentication: provides wireless access authentication for school staff, students and visitors, gives different user groups different authentication methods and access rights, and generates logs that are pushed to the behavior management and audit device.
3. Behavior management: supervises the Internet behavior of all users in the network and is linked with the authentication system, so that each authenticated account is matched to the IP managed by the audit system and is displayed on the audit system as a user name.
For the Education Bureau's wireless network, one or more SSIDs (internal, guest) are provided and, together with the existing wired network, unified identity authentication is implemented for wired and wireless access. A unified identity authentication platform is built so that later integration with systems such as the Digital Campus is easier.
SMS gateway authentication is implemented for guest users so that visitors can access the wireless network (guest): they can quickly and conveniently obtain an authentication account and password on their mobile phone, which achieves real-name authentication.
A personalized Portal authentication page is available, in Chinese and English, and different terminals such as smart terminals and ordinary PCs can be distinguished and served pages that meet their individual requirements; an overall image for the Yongjia Education Bureau authentication portal is provided.
A user interface with good human-computer interaction lets administrators configure the system according to different needs, and supports managing, querying and compiling statistics on the unified identity authentication platform from a web browser or a smart terminal operating system.
Given the Education Bureau wireless network's requirement for a personalized Portal authentication page, the wireless authentication device provides AC Portal software based on the carrier Portal 2.0 protocol:
A: The wireless controller uses the standard Portal 2.0 protocol, and the web authentication page points to the authentication device's AC Portal server. AC Portal serves different authentication pages according to the information pushed by the wireless controller (IP, VLAN, SSID, terminal type).
B: The wireless controller interfaces with the authentication device gateway using the RADIUS protocol, implementing unified identity authentication and SMS gateway authentication.
As a major improvement of the technical solution of this embodiment, as shown in Fig. 4, the workflow of the identity authentication module is:
The user opens a web address, and the authentication device automatically redirects the user to the home page on the Portal Server;
The user enters a mobile phone number on the home page and clicks the "obtain Internet account" button;
The Portal Server automatically writes the account and a random password to the database, and the back-end system automatically starts counting the account's validity period;
After the write is confirmed successful, the Portal Server calls the SMS interface to pass the Internet account and password to the SMS interface module (SMS gateway);
The user's mobile phone receives the Internet account and password sent by the SMS gateway;
The user goes online from a WLAN terminal such as a laptop or mobile phone, and the authentication device automatically redirects the user to the login page of the Portal Server;
The user enters the account and password and clicks log in;
The Portal Server checks the account and password entered by the user against the account in the database;
The Portal Server sends the verification result to the authentication device;
After successful verification, the user accesses the Internet directly;
After the validity period ends, the account is automatically taken offline.
Specifically, once the authentication system is deployed, all users authenticate with a user name and password in order to go online. The user name is registered in the system and corresponds to the user's real name, so every record of a user's Internet access is tied to an individual. User registration includes not only the user's real name but also contact information such as telephone number, address and e-mail.
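The SMS guest-account flow above, written out as an added example (not code from the patent or from any product it names): a hypothetical `PortalServer` issues a random password, stores only a salted hash of it, starts the validity period when the account is written, and takes the account offline once the period ends. The class and method names, the use of the phone number as the account name, the 11-digit check and the 4-hour validity period are assumptions.

```python
import hashlib
import hmac
import secrets
import string
import time

VALIDITY_SECONDS = 4 * 3600   # assumed validity period; the text gives no figure
ALPHABET = string.ascii_letters + string.digits


class PortalServer:
    """Hypothetical Portal Server for the SMS guest-account flow."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # callable(phone, text) standing in for the SMS gateway
        self._clock = clock         # injectable clock so expiry can be exercised
        self._db = {}               # account -> record (stands in for the database)
        self.online = {}            # account -> (source IP, MAC) of the live session

    @staticmethod
    def _digest(salt, password):
        # Salted, stretched hash: a database leak does not expose live passwords.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def request_account(self, phone):
        """Write the account, start its validity period, then send the SMS."""
        if not (phone.isascii() and phone.isdigit() and len(phone) == 11):
            raise ValueError("expected an 11-digit mobile number")
        # Password comes from the OS CSPRNG, never from the random module.
        password = "".join(secrets.choice(ALPHABET) for _ in range(10))
        salt = secrets.token_bytes(16)
        # The record is written first; the SMS goes out only after it exists.
        self._db[phone] = {
            "salt": salt,
            "digest": self._digest(salt, password),
            "expires": self._clock() + VALIDITY_SECONDS,
        }
        self._send_sms(phone, f"Account: {phone} Password: {password}")
        return phone

    def login(self, account, password, src_ip, mac):
        """Return True and register the session if the credentials are valid."""
        rec = self._db.get(account)
        if rec is None or self._clock() >= rec["expires"]:
            return False
        candidate = self._digest(rec["salt"], password)
        if not hmac.compare_digest(rec["digest"], candidate):
            return False
        self.online[account] = (src_ip, mac)
        return True

    def expire_accounts(self):
        """Remove accounts past their validity period and end their sessions."""
        now = self._clock()
        expired = sorted(a for a, r in self._db.items() if now >= r["expires"])
        for account in expired:
            del self._db[account]
            self.online.pop(account, None)
        return expired
```
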
As a major improvement of the technical solution of this embodiment, the log recording module is thorough in recording user access: a dedicated database log file can be designed for access records. When the access records exceed capacity, a new access record file is allocated automatically. Access records can be saved either by writing files or by writing to a database, which ensures their integrity and flexibility.
The storage process of the authentication gateway is: after a user logs in and authenticates successfully, visits websites, and logs off via the page or the client, a login record and access records are generated, and the authentication gateway stores the login record and access records on the designated database server.
Access logs are written as files to the hard disk of the database server. How long they are kept depends on the size of the disk. As long as the disk is large enough, a considerable volume of log files can be stored and no data will be lost.
The access records can be queried at any time for: account name, login/access time, current number online, total usage time, target website address visited, destination IP, source IP, MAC address, GET/POST behavior, and so on. Further fields can be added as needed, such as a user operating system identifier, switch tag and floor tag.
At present, public security and state security organs have a heavy demand for queries on access records, including queries about hacker attacks, reactionary speech and the like, but collecting access records is a very heavy load for an embedded access device at the network egress. With its high performance and stability, the authentication gateway can collect the complete URL records of user access without affecting normal access authentication, which greatly meets the needs of campus management.
Embodiment two
As shown in Fig. 2, the online monitoring module contains an online user monitoring subsystem, an online status monitoring subsystem, a firewall, an IDS, an information security audit system, a forced-offline system and an information publishing system; the online user monitoring subsystem is electrically connected to the online status monitoring subsystem, the firewall, the information security audit system and the firewall respectively; the firewall is electrically connected to the IDS; the information security audit system is electrically connected to the forced-offline system; the forced-offline system is electrically connected to the information publishing system.
Specifically, as shown in Figs. 5-8, the system provides a complete online user monitoring subsystem that monitors each user's online state in real time, including online duration for the current day and month, upstream and downstream traffic for the current day and month, number of packets sent and received, number of TCP connections, source IP, source MAC and other details. The authentication system's online user monitoring and management system can interface with the IDS, the firewall, the information security audit system and similar devices, and maps the detection information they collect to the system's user accounts in real time, giving the network administrator complete real-time information on users' online behavior. For illegitimate users, the online user monitoring and management system can force the user offline and publish notices, so that the school's network administrators can quickly locate the source of a problem and control the user in real time, making network management more timely, operable and accurate.
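Mapping detection events to user accounts, as described above, has to match on time as well as source IP, because an address can pass from one short-lived account to the next. An added example (not from the patent; the record layouts, the sample data and the three-alert threshold are constructed assumptions):

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    account: str
    src_ip: str
    mac: str
    login: float
    logout: Optional[float]   # None while the user is still online


@dataclass(frozen=True)
class Alert:
    ts: float
    src_ip: str
    signature: str


def attribute(alert, sessions):
    """Return the session that held alert.src_ip at alert.ts, or None."""
    for s in sessions:
        if s.src_ip != alert.src_ip:
            continue
        if s.login <= alert.ts and (s.logout is None or alert.ts < s.logout):
            return s
    return None


def review(alerts, sessions, threshold=3):
    """Map alerts to accounts.

    Returns (accounts still online with >= threshold alerts, alerts that
    matched no session). The first list feeds the forced-offline step; the
    second needs manual follow-up instead of being pinned on whoever holds
    the address now.
    """
    counts = {}
    unattributed = []
    for alert in alerts:
        session = attribute(alert, sessions)
        if session is None:
            unattributed.append(alert)
        else:
            counts[session] = counts.get(session, 0) + 1
    offenders = sorted(
        s.account for s, n in counts.items() if n >= threshold and s.logout is None
    )
    return offenders, unattributed


# Constructed sample data: 10.1.2.3 is used by one guest, released, then reused.
SESSIONS = [
    Session("13800000001", "10.1.2.3", "aa:aa:aa:aa:aa:01", 100.0, 200.0),
    Session("13800000002", "10.1.2.3", "aa:aa:aa:aa:aa:02", 250.0, None),
    Session("13800000003", "10.1.2.9", "aa:aa:aa:aa:aa:03", 120.0, None),
]
ALERTS = [
    Alert(150.0, "10.1.2.3", "port-scan"),   # first holder of the address
    Alert(220.0, "10.1.2.3", "port-scan"),   # nobody authenticated on it
    Alert(260.0, "10.1.2.3", "port-scan"),
    Alert(270.0, "10.1.2.3", "port-scan"),
    Alert(280.0, "10.1.2.3", "port-scan"),
    Alert(300.0, "10.1.2.9", "port-scan"),
]

if __name__ == "__main__":
    print(review(ALERTS, SESSIONS))
```
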
Embodiment three
A wireless MAN for the education sector, the wireless MAN comprising a wireless controller AC and multiple wireless APs; the wireless APs are all uniformly configured and managed by the wireless controller AC; characterized in that: the wireless MAN consists of an H3C 7506E wireless core switch configured with two wireless controller AC boards; the wireless controller AC adds 256 wireless AP licenses.
As a major improvement of the technical solution of this embodiment, the wireless APs are powered remotely over PoE by PoE switches, or optionally powered locally.
Specifically, this architecture has the following advantages:
A. The configuration of a FIT AP is stored on the wireless controller, and the FIT AP automatically downloads the appropriate device configuration from the wireless controller when it starts.
B. A FIT AP must be able to obtain an IP address automatically and to automatically discover a wireless controller it can connect to, and it is insensitive to the network topology between the wireless controller and the FIT AP.
C. The wireless controller supports a configuration proxy and a query proxy for FIT APs, so the user's configuration for a FIT AP is passed through to the designated FIT AP device, and the status and statistics of the FIT AP can be viewed in real time.
D. The wireless controller stores the latest software for the FIT APs and is responsible for updating FIT AP software automatically.
This completely new network management interface solves well the management problems currently found in medium and large WLAN deployments:
1. The user only needs to create service parameter templates and device parameter templates and set the designated APs to reference them; when a FIT AP starts, the wireless controller issues configuration to it according to the pre-configured reference information, which greatly reduces the user's configuration workload.
2. The user manages FIT APs through the wireless controller acting as a proxy; the network administrator no longer needs to care about the IP addresses of the FIT APs, the association between a FIT AP and the wireless controller is completed automatically, and the user no longer needs to intervene in AP configuration.
3. The FIT AP encapsulates wireless users' data packets in the data tunnel between the AP and the AC, so the edge network to which the AP connects no longer needs VLAN, ACL or similar configuration changes to admit wireless users.
4. The wireless controller stores the running status of the FIT APs it manages and the online user statistics; maintenance staff only need to log in to the designated wireless controller to view this information. Because FIT APs are managed through the wireless controller as a proxy, changing service policy and security policy settings online no longer requires logging in to the AP devices one by one; logging in to the designated wireless controller is enough, and the wireless controller automatically pushes the new configuration to the designated FIT APs.
5. The user no longer needs to upgrade the software of AP devices manually one by one. At each restart the AP automatically compares its running version with the version stored on the wireless controller; if the version stored on the wireless controller is newer, the FIT AP automatically updates its local software.
6. The AP no longer stores configuration information locally, so there is no security risk of configuration being lost when a device is lost.
Embodiment four
To make sure the wireless network system solution is feasible for all educational units in the region, the wireless coverage of the main areas is surveyed before implementation to determine the number of APs required and the installation method in each area to be covered, so as to ensure smooth application of the wireless network system in each county and city area and in subordinate schools.
According to the school's requirements for wireless coverage and the on-site survey, the deployment positions and number of AP points on each floor were designed precisely.
Fig. 9 is a schematic diagram of in-room AP placement on a floor of a school.
Specifically, application scenarios: teaching building area, meeting rooms, digital reading room;
Roles: teachers, students;
Terminals: laptops, e-schoolbags (PAD), some mobile phone terminals, some teaching equipment;
AP deployment: wall-mounted or ceiling-mounted in each classroom and corridor;
AP requirements: support 802.11ac, support 2.4G/5G dual-band mode, support spectrum analysis, support spectrum navigation, support navigation.
Fig. 10 is a schematic diagram of AP placement in the corridor of a floor of a school.
Specifically, application scenarios: teaching building area, meeting rooms, digital reading room;
Roles: teachers, administrative staff;
Terminals: laptops, e-schoolbags (PAD), some mobile phone terminals, some teaching equipment;
AP deployment: wall-mounted or ceiling-mounted in each classroom and corridor;
AP requirements: support 802.11ac, support 2.4G/5G dual-band mode, support spectrum analysis, support spectrum navigation, support navigation.
It should be noted that relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
The above are only specific embodiments of the application, enabling those skilled in the art to understand or implement the application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
It should be understood that the application is not limited to what has been described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the application is limited only by the appended claims.

Claims (7)

1. A wireless MAN for the education sector, the wireless MAN comprising a wireless controller AC and multiple wireless APs; the wireless APs are all uniformly configured and managed by the wireless controller AC; characterized in that: the wireless MAN consists of an H3C 7506E wireless core switch configured with two wireless controller AC boards; the wireless controller AC adds 256 wireless AP licenses.
2. The wireless MAN for the education sector according to claim 1, characterized in that: the wireless APs are powered remotely over PoE by PoE switches, or optionally powered locally.
3. A safety management system for the education sector, characterized in that: the safety management system comprises an authentication module, a behavior management module, a bastion host ("fort machine") module, a log recording module and an online monitoring module; the output of the authentication module is electrically connected to the input of the behavior management module, the log recording module and the bastion host module, respectively;
the output of the behavior management module is electrically connected to the bastion host module and the online monitoring module, respectively;
the log recording module is electrically connected to the online monitoring module.
4. The safety management system for the education sector according to claim 3, characterized in that: the online monitoring module contains an online user monitoring subsystem, an online status monitoring subsystem, a firewall, an IDS, an information security audit system, a forced-offline system and an information publishing system; the online user monitoring subsystem is electrically connected to the online status monitoring subsystem, the firewall, the information security audit system and the firewall, respectively; the firewall is electrically connected to the IDS; the information security audit system is electrically connected to the forced-offline system; the forced-offline system is electrically connected to the information publishing system.
5. The safety management system for the education sector according to claim 3, characterized in that: the workflow of the authentication module is:
The user opens a web address, and the authentication device automatically redirects to the homepage on the Portal Server;
The user enters a mobile phone number on the homepage and clicks the "obtain internet account" button;
The Portal Server automatically writes the account and a random password into the database, and the background system automatically starts calculating the account validity period;
After confirming that the write succeeded, the Portal Server calls the SMS interface to send the internet account and password to the SMS interface module (SMS gateway);
The user's mobile phone receives the internet account and password sent by the SMS gateway;
The user goes online through a WLAN terminal such as a laptop or mobile phone, and the authentication device automatically redirects to the login page of the Portal Server;
The user enters the account and password and clicks log in;
The Portal Server checks the account and password entered by the user against the account in the database;
The Portal Server sends the check result to the authentication device;
After the check succeeds, the user accesses the internet directly;
After the validity period, the account is automatically taken offline.
6. The safety management system for the education sector according to claim 3, characterized in that: the content recorded by the log recording module includes: account name, login access time, current online number, total usage time, address of the target website logged in to, target IP, source IP, MAC address, GET/POST behavior, user operating system identifier, switch label, floor label.
7. The safety management system for the education sector according to claim 4, characterized in that: the online status monitored by the online status monitoring subsystem includes: online duration for the current day and current month, uplink and downlink traffic for the current day and current month, number of packets received and sent, number of TCP connections, source IP, source MAC.
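The account workflow of claim 5, as an added sketch (not code from the patent) of how a Portal Server could issue and check these SMS-delivered accounts: the password comes from a CSPRNG, only a salted hash is stored, the validity period is enforced at login, and repeated wrong guesses lock the account. The names `PortalAccounts`, `issue`, `verify` and `demo`, the 4-hour validity, the lockout threshold, the use of the phone number as the account name and the sample phone numbers are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

VALIDITY = timedelta(hours=4)  # assumed validity period; the page gives none
MAX_FAILURES = 5               # assumed lockout threshold


class PortalAccounts:
    """In-memory stand-in for the Portal Server's account database."""

    def __init__(self, send_sms):
        self._db = {}              # account -> record
        self._send_sms = send_sms  # callable(phone, account, password)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def issue(self, phone, now):
        """Write account and random password, start validity, then send SMS."""
        password = f"{secrets.randbelow(10**8):08d}"  # CSPRNG, 8 digits
        salt = secrets.token_bytes(16)
        # Assumption: the account name is the phone number; only a salted
        # hash is stored, so a database leak does not expose live passwords.
        self._db[phone] = {"salt": salt, "hash": self._hash(password, salt),
                           "expires": now + VALIDITY, "failures": 0}
        self._send_sms(phone, phone, password)  # sent only after the write

    def verify(self, account, password, now):
        """Check a login; unknown, expired or locked accounts are refused."""
        rec = self._db.get(account)
        if rec is None:
            return False
        if now >= rec["expires"]:
            del self._db[account]  # validity over: the account goes offline
            return False
        if rec["failures"] >= MAX_FAILURES:
            return False           # short numeric codes need attempt limits
        ok = hmac.compare_digest(rec["hash"], self._hash(password, rec["salt"]))
        rec["failures"] = 0 if ok else rec["failures"] + 1
        return ok


def demo():
    """Run the flow on constructed data and return the observed outcomes."""
    outbox = []  # stands in for the SMS gateway
    portal = PortalAccounts(lambda *msg: outbox.append(msg))
    t0 = datetime(2017, 12, 26, 8, 0)
    portal.issue("13800000000", t0)  # constructed phone number
    _, account, password = outbox[0]
    wrong = "x" * 8  # can never equal an all-digit password
    results = {
        "good_login": portal.verify(account, password, t0 + timedelta(minutes=5)),
        "bad_login": portal.verify(account, wrong, t0 + timedelta(minutes=6)),
        "after_expiry": portal.verify(account, password, t0 + VALIDITY),
        "unknown": portal.verify("13900000000", password, t0),
    }
    portal.issue("13800000000", t0)  # re-issue, then exhaust the attempts
    for _ in range(MAX_FAILURES):
        portal.verify(account, wrong, t0)
    results["locked_out"] = portal.verify(account, outbox[1][2], t0)
    return results
```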
CN201711426252.0A 2017-12-26 2017-12-26 For the wireless MAN and its safety management system of education sector Pending CN108199869A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711426252.0A CN108199869A (en) 2017-12-26 2017-12-26 For the wireless MAN and its safety management system of education sector

Publications (1)

Publication Number Publication Date
CN108199869A true CN108199869A (en) 2018-06-22

Family

ID=62583925

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180622
